In-Store Prosthesis Privacy Policy

Effective Date: April 14, 2003
Revised Effective Date: April 30, 2024

Protecting customer information is a priority for Nordstrom. We understand that your trust is our most important asset, and the Nordstrom In-Store Prosthesis Program is committed to protecting and using your protected health information in compliance with our legal obligations and your expectations.

THIS POLICY DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Summary

The Nordstrom In-Store Prosthesis Program ("we," "our" or "us") has established a policy to guard against any unnecessary disclosure of your protected health information that is created and used in conjunction with your prosthesis-related purchase at a Nordstrom brick-and-mortar store. In this statement, we refer to this personal health information as protected health information ("PHI").

PHI means information that is created or received by us that relates to: (1) your past, present or future physical health or condition; (2) the provision of health care to you; or (3) the past, present or future payment for the provision of health care to you; and such information that identifies you or could be used to identify you.

These safeguards are intended to comply with federal privacy regulations under the Health Insurance Portability and Accountability Act ("HIPAA").

Please note this Policy only applies to in-store sales of prosthetic devices; for information on our privacy practices associated with customer information that is not PHI, please see the Nordstrom Privacy Policy. Our online Prosthesis Program is not subject to HIPAA because we cannot assist you with a fitting of your prosthetic garment or assist you with the billing of your insurance. Employees who work in the online Prosthesis Program call center are not permitted to assist with fitting or billing and insurance matters.

This In-Store Prosthesis Privacy Policy ("this Policy") explains your legal rights and our responsibilities with respect to your protected health information.

Your Rights

You have the right to know how we use and disclose your PHI. You also have the right to:

• Receive a copy of this Policy upon request.
• Inspect and copy your PHI. Also, if we maintain your PHI in an electronic format, you may receive a copy electronically or ask us to send the record electronically to a third party. The term "electronic health record" means an electronic record of health-related information about you that is created, gathered, managed and consulted by authorized health care clinicians and staff.
• Request to amend your PHI if it was created by us.
• Receive an accounting of certain PHI disclosures during the six-year period preceding your request.
• Request that you receive confidential communications from us (for example, only to your office or to your home).
• Request additional restrictions on how we use or disclose your PHI; however, in most cases, we are not required to agree with any requested restrictions.

If you wish to exercise any of these rights, you must submit your request in writing to: Nordstrom Corporate Prosthesis Manager, 1617 6th Avenue, 5th Floor, Seattle, WA 98101. If your request is denied, you generally have the right to appeal the denial. You will receive more information about your appeal rights if you make a request and it is denied.

Uses & Disclosures

We may use or disclose your PHI without your permission in the following situations:

Treatment: We may use or disclose your PHI to provide you prosthesis-related services in store. For example, we may contact your doctor for additional information about your medical condition.

Payment: We may use or disclose your PHI to obtain payment for services we have provided. For example, we may contact your health insurance carrier to verify eligibility, and we may work with a service provider to submit claims to your health insurance carrier.

Health Care Operations: We may use or disclose your PHI, as necessary, to perform administrative activities that are necessary to manage our In-Store Prosthesis Program. For example, we may use PHI to identify individuals who are entitled to receive this Policy and to arrange for and conduct internal audits, including fraud and abuse detection programs.

As Permitted by Law: We may use or disclose your PHI as permitted by law. For example, we may disclose PHI in the following situations:

• As authorized by and to the extent necessary to comply with laws relating to worker's compensation or similar programs that provide benefits for work-related injuries or illnesses.
• To prevent or lessen a serious and imminent threat to your health and safety or to the health and safety of the public.
• In response to an administrative or court order or a request for information in a lawsuit involving you.
• To public health agencies, for example, for the licensure of health care providers.
• To authorized military personnel if you are a member of the armed forces.

In Our Communications with You: We may use or disclose your PHI to communicate our health-related products or services to you. For example, we may send you periodic information about our new prosthesis-related products or services that we believe may benefit you. We will not use PHI to communicate with you regarding other Nordstrom products and services. In California, state law requires that if we request medical information from you that will be used for any direct marketing purpose, we must inform you and obtain your consent.

Certain Other Situations: We may use or disclose your PHI if you are present and agree to the disclosure, if we give you the opportunity to object to the disclosure and you do not, or if it is an emergency. For example, we may discuss your PHI with you while a family member is present if you agree.

As Authorized by You: We may use or disclose your PHI to other persons upon your written authorization. For example, we may speak with a family member if we have your permission. Please note that your authorization will remain effective until you revoke it in writing. Also, Nordstrom cannot take back any disclosures of PHI we have already made with your authorization, and we are required by law to retain certain medical records. The following uses or disclosures may be made only with your authorization:

• Use or disclosure of PHI for marketing purposes
• Sale of PHI

We are required to notify you if there is any breach of unsecured PHI.

Our Responsibilities

We are required by law to maintain the privacy of your PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI. In addition, we are required to abide by the terms of the policy currently in effect. Find more information about your privacy at Nordstrom.

Contact Us

If you have questions about this Policy or our privacy practices, please contact us at:

Nordstrom Corporate Prosthesis Program
1617 6th Avenue, 5th Floor
Seattle, WA 98101
1.800.804.1502 (Prosthesis Hotline)
1.844.894.6160 (Fax)

Additional Information

If you believe your privacy rights concerning your PHI have been violated, you may also make a formal complaint directly to the Secretary of Health and Human Services at:

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Room 509F, HHH Building
Washington, D.C. 20201

You will not be retaliated against for filing a complaint.

We reserve the right to change the terms of this In-Store Prosthesis Privacy Policy. New policy provisions will be effective for all PHI we currently have and PHI we receive in the future. If this Policy is revised, the revised policy will be provided at your next visit during which we provide you service. Except as expressly noted, this Policy relates to PHI only and does not affect our information practices with respect to other information. The examples contained in this In-Store Prosthesis Privacy Policy are illustrations only and are not intended to be exhaustive.